Merge pull request #463 from hackjunction/dev
Auth0 tenant documentation and bug fix #460
Jussii authored Jun 22, 2021
2 parents 7df2c76 + d303980 commit 7fe400a
Showing 12 changed files with 4,594 additions and 51 deletions.
47 changes: 41 additions & 6 deletions DEVELOPMENT.md
@@ -1,15 +1,15 @@
# Setting up your development environment

Follow this quick guide to set up the project for local development.
Follow this quick guide to set up the project for local development.

### Prerequisites

Before you begin, make sure you have the following installed on your system:

- Node.js 12.x (Recommended: use Nvm for managing Node versions)
- MongoDB 3.6.x
- Node.js 12.x (Recommended: use Nvm for managing Node versions)
- MongoDB 3.6.x

Regarding your development environment: *I highly recommend you to use VSCode with the Prettier and EsLint plugins installed. This way your code can be automatically fixed on save, according to the eslint/prettier configuration defined in the project.* The project will not allow commits that do not pass the linter.
Regarding your development environment: _I highly recommend you to use VSCode with the Prettier and EsLint plugins installed. This way your code can be automatically fixed on save, according to the eslint/prettier configuration defined in the project._ The project will not allow commits that do not pass the linter.

### Clone the repository

Expand All @@ -27,9 +27,44 @@ npm install
npm run setup
```

### Auth0 tenant set up

JunctionApp uses Auth0 for user authentication and authorization. To set up Auth0 for local development:

1. Create an Auth0 account
2. Follow [this](https://auth0.com/docs/deploy/deploy-cli-tool/create-and-configure-the-deploy-cli-application) tutorial to create a `auth0-deploy-cli-extension` in Auth0
3. Add Auth0 Authorization extension to your tenant. [img. 1.]
4. Go to the Authorization extensions settings and enable API access
5. Fill `config.json` with `auth0-deploy-cli-extension` applications information and authorization extensions url. [img. 2]

- AUTH0_DOMAIN
- from `auth0-deploy-cli-extension` [img. 2.]
- AUTH0_CLIENT_ID
- from `auth0-deploy-cli-extension` [img. 2.]
- AUTHO_CLIENT_SECRET
- from `auth0-deploy-cli-extension` [img. 2.]
- AUDIENCE
- Your domain url
- AUTHZ_URL
- from authorization extension [img. 2.]

6. Run `npm run auth0`. The script is going to display error message but everything works.

- In your auth0 tenant there should be now 5 new applications.

7. Copy and paste Junction App SSO Client ID to every `applicationId` field in `authzExtConfig.json`
8. Import `authzExtConfig.json` file to the Authorization Extensions
9. In Authorization Extension click PUBLISH RULES

![img 1. authz extension](https://res.cloudinary.com/hackjunction/image/upload/v1623838367/github/documentation/121153778-07935600-c84f-11eb-80b1-447a71449b28.png) [img. 1.]

![img 2. auth0-extension](https://res.cloudinary.com/hackjunction/image/upload/v1623838367/github/documentation/2021-06-16_12-33.png) [img. 2]

![img 3. authz-url](https://res.cloudinary.com/hackjunction/image/upload/v1623838367/github/documentation/2021-06-16_12-35.png) [img. 3]

### Set up your environment variables

To be able to run the project, you'll need to set up some environment variables. Follow the instructions in `ENV.md` to do that.
To be able to run the project, you'll need to set up some environment variables. Follow the instructions in `ENV.md` to do that.

### Run the project in development mode

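Review bot: step 5's variable list spells the third key `AUTHO_CLIENT_SECRET` (letter O) while the `auth0/config.json` added in this same PR uses `AUTH0_CLIENT_SECRET`, and the list describes `AUDIENCE` as "Your domain url" while the template sets it to the Management API URL `https://<your-tenant>.eu.auth0.com/api/v2/`; align the key names and the description so a developer filling in config.json copies the right values. Two smaller points in the same hunk: the `AUTHZ_URL` entry points at `[img. 2.]` but the screenshot captioned authz-url is `[img. 3]`, and step 6 ("The script is going to display error message but everything works") should quote the message that is expected, otherwise a real misconfiguration looks identical to the known harmless error. Since step 5 has developers paste a live client secret into a file that is tracked in the repository, add a sentence telling them to keep their filled-in `config.json` out of commits (gitignore it, or ship the template as `config.example.json`).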
Expand All @@ -41,4 +76,4 @@ The app will automatically reload when you make changes to the code. Note: start

### Notes

The development version of Auth0 will automatically grant all permissions to users who sign up. When you create a new user in the app, you should by default have access to e.g. create new events on the organiser dashboard under /organise.
The development version of Auth0 will automatically grant all permissions to users who sign up. When you create a new user in the app, you should by default have access to e.g. create new events on the organiser dashboard under /organise.
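Review bot: the note that the development Auth0 "will automatically grant all permissions to users who sign up" is now the only place that behaviour is described, and nothing in the files added by this PR implements it: `authzExtConfig.json` only defines roles and permissions, and `Add data to idToken.js` only copies `user.roles`/`user.permissions` into the token. State where the automatic grant comes from (a tenant rule or a default role assignment made in the Authorization Extension) and say explicitly that it is for a personal development tenant only, because the same `npm run auth0` flow, with `AUTH0_ALLOW_DELETE: true` in config.json, runs against whatever tenant a developer's `config.json` happens to point at.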
103 changes: 103 additions & 0 deletions auth0/authzExtConfig.json
@@ -0,0 +1,103 @@
{
"configuration": [
{
"_id": "v1",
"rolesInToken": true,
"permissionsInToken": true,
"persistRoles": true,
"persistPermissions": true
}
],
"permissions": [
{
"applicationType": "client",
"applicationId": "applicationId",
"description": "Can access the recruitment dashboard",
"name": "access:recruitment",
"_id": "e7b2a8a4-a0d7-4d2d-8287-f855f14ce788"
},
{
"applicationType": "client",
"applicationId": "applicationId",
"description": "Can create new events",
"name": "create:event",
"_id": "de453879-880f-444e-8776-f3ca4d11558b"
},
{
"applicationType": "client",
"applicationId": "applicationId",
"description": "Can delete events which they organise",
"name": "delete:event",
"_id": "3687fde6-ab38-4fbf-bb93-b1a496f53e04"
},
{
"applicationType": "client",
"applicationId": "applicationId",
"description": "Can access event management",
"name": "manage:event",
"_id": "e4531c1d-3825-47ad-aaef-72169843c4f2"
},
{
"applicationType": "client",
"applicationId": "applicationId",
"description": "Can manage access to recruitment dashboard",
"name": "manage:recruitment",
"_id": "60ccbf60-7172-42f9-bf02-e552c03f5946"
}
],
"roles": [
{
"_id": "2d2c4e8e-6716-476d-badc-aa37abd4a99b",
"applicationType": "client",
"applicationId": "applicationId",
"description": "Access to some organiser functionality",
"name": "AssistantOrganiser",
"permissions": ["e4531c1d-3825-47ad-aaef-72169843c4f2"]
},
{
"_id": "8b6bcb7c-011a-4479-b45c-f646d5b200cb",
"applicationType": "client",
"applicationId": "applicationId",
"description": "Access to all organiser functionality",
"name": "Organiser",
"permissions": [
"de453879-880f-444e-8776-f3ca4d11558b",
"3687fde6-ab38-4fbf-bb93-b1a496f53e04",
"e4531c1d-3825-47ad-aaef-72169843c4f2"
]
},
{
"_id": "412a6c79-4ec7-41e4-b180-5d1391c7dcf1",
"applicationType": "client",
"applicationId": "applicationId",
"description": "Can access recruitment functionality",
"name": "Recruiter",
"permissions": ["e7b2a8a4-a0d7-4d2d-8287-f855f14ce788"]
},
{
"_id": "45e3cd1c-2fbc-4d49-b730-3bedbab57cb6",
"applicationType": "client",
"applicationId": "applicationId",
"description": "Has permission to add and remove recruiter access",
"name": "RecruiterAdmin",
"permissions": [
"60ccbf60-7172-42f9-bf02-e552c03f5946",
"e7b2a8a4-a0d7-4d2d-8287-f855f14ce788"
]
},
{
"_id": "637fae63-fa0d-49fb-b137-01dcb75e8efe",
"applicationType": "client",
"applicationId": "applicationId",
"description": "God Mode (can do everything)",
"name": "SuperAdmin",
"permissions": [
"e7b2a8a4-a0d7-4d2d-8287-f855f14ce788",
"3687fde6-ab38-4fbf-bb93-b1a496f53e04",
"e4531c1d-3825-47ad-aaef-72169843c4f2",
"de453879-880f-444e-8776-f3ca4d11558b",
"60ccbf60-7172-42f9-bf02-e552c03f5946"
]
}
]
}
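Review bot: every `applicationId` in this file is the literal string "applicationId", and step 7 of DEVELOPMENT.md asks developers to replace all eleven occurrences by hand before importing. Use a placeholder that cannot be mistaken for a real value (config.json already uses the `<your-tenant>` style, so `<sso-client-id>` would be consistent) and let `npm run auth0` or a one-line sed step do the substitution, so an import with the placeholder still in place fails visibly instead of creating roles and permissions bound to a client that does not exist. A short comment in the docs that the `rolesInToken`/`permissionsInToken` and `persistRoles`/`persistPermissions` flags are deliberately `true`, because the rule in `auth0/rules/Add data to idToken.js` expects roles and permissions to be resolved before it runs, would stop someone from "tidying" them away.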
24 changes: 24 additions & 0 deletions auth0/config.json
@@ -0,0 +1,24 @@
{
"AUTH0_DOMAIN": "<your-tenant>.eu.auth0.com",
"AUTH0_CLIENT_ID": "<your-tenant>",
"AUTH0_CLIENT_SECRET": "<your-tenant>",
"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
"APP_CALLBACKS": [
"http://localhost:3000/callback",
"http://localhost:3000"
],
"APP_LOGOUT_URLS": [
"http://localhost:3000/logout",
"http://localhost:3000"
],
"AUDIENCE": "https://<your-tenant>.eu.auth0.com/api/v2/",
"APP_NAME_BACKEND": "Junction App Backend",
"APP_NAME_FRONTEND": "Junction SSO",
"AUTHZ_URL": "https://<your-tenant>.webtask.io/adf6e2f2b84784b57522e3b19dfc9201"
},
"EXCLUDED_PROPS": {
"clients": ["client_secret"],
"connections": ["options.client_secret"]
},
"AUTH0_ALLOW_DELETE": true
}
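Review bot: `AUTH0_ALLOW_DELETE` is `true` in a template that every developer copies, which tells the deploy CLI to delete entities in the target tenant that are not present in this directory; default it to `false` here and have the docs say when to turn it on, so a `config.json` accidentally pointed at a shared or production tenant cannot remove applications, rules or connections. The placeholders for `AUTH0_CLIENT_ID` and `AUTH0_CLIENT_SECRET` are both `<your-tenant>`, which is misleading because neither value is the tenant name; `<deploy-cli-client-id>` and `<deploy-cli-client-secret>` would make the link to the `auth0-deploy-cli-extension` application from step 2 obvious. `EXCLUDED_PROPS` correctly keeps `client_secret` out of exports, but the deploy secret in this file itself is protected only by developers remembering not to commit their filled-in copy, so pair this file with a `.gitignore` entry.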
79 changes: 79 additions & 0 deletions auth0/pages/login.html
@@ -0,0 +1,79 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Sign In with Auth0</title>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0" />
</head>
<body>

<!--[if IE 8]>
<script src="//cdnjs.cloudflare.com/ajax/libs/ie8/0.2.5/ie8.js"></script>
<![endif]-->

<!--[if lte IE 9]>
<script src="https://cdn.auth0.com/js/base64.js"></script>
<script src="https://cdn.auth0.com/js/es5-shim.min.js"></script>
<![endif]-->

<script src="https://cdn.auth0.com/js/lock/11.26/lock.min.js"></script>
<script>
// Decode utf8 characters properly
var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@'))));
config.extraParams = config.extraParams || {};
var connection = config.connection;
var prompt = config.prompt;
var languageDictionary;
var language;

if (config.dict && config.dict.signin && config.dict.signin.title) {
languageDictionary = { title: config.dict.signin.title };
} else if (typeof config.dict === 'string') {
language = config.dict;
}
var loginHint = config.extraParams.login_hint;
var colors = config.colors || {};

// Available Lock configuration options: https://auth0.com/docs/libraries/lock/v11/configuration
var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
auth: {
redirectUrl: config.callbackURL,
responseType: (config.internalOptions || {}).response_type ||
(config.callbackOnLocationHash ? 'token' : 'code'),
params: config.internalOptions
},
configurationBaseUrl: config.clientConfigurationBaseUrl,
overrides: {
__tenant: config.auth0Tenant,
__token_issuer: config.authorizationServer.issuer
},
assetsUrl: config.assetsUrl,
allowedConnections: connection ? [connection] : null,
rememberLastLogin: !prompt,
language: config.extraParams.ui_locales,
languageDictionary: languageDictionary,
theme: {
//logo: 'YOUR LOGO HERE',
primaryColor: colors.primary ? colors.primary : 'green'
},
prefill: loginHint ? { email: loginHint, username: loginHint } : null,
closable: false,
defaultADUsernameFromEmailPrefix: false
});

if(colors.page_background) {
var css = '.auth0-lock.auth0-lock .auth0-lock-overlay { background: ' +
colors.page_background +
' }';
var style = document.createElement('style');

style.appendChild(document.createTextNode(css));

document.body.appendChild(style);
}

lock.show();
</script>
</body>
</html>
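Review bot: the three `<script>` tags fetch Lock 11.26, `base64.js` and `es5-shim.min.js` from CDNs without an `integrity` attribute, and the IE8 branch uses a protocol-relative `//cdnjs.cloudflare.com` URL; because this page is the login form itself, pin the fetched files with `integrity` and `crossorigin` (or host them in the tenant) and write `https://` explicitly so the page can never load a script over plain HTTP. The `//logo: 'YOUR LOGO HERE'` line is the stock Auth0 template placeholder; either set the Junction logo or drop the comment. Also confirm after `npm run auth0` that the tenant actually has this custom login page enabled: it is added under `auth0/pages/` with no accompanying metadata in this PR, and the docs do not tell the developer to check.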
21 changes: 21 additions & 0 deletions auth0/rules/Add data to idToken.js
@@ -0,0 +1,21 @@
function (user, context, callback) {
const namespace = 'https://app.hackjunction.com/';
const assignedRoles = (context.authorization || {}).roles || [];

context.idToken[namespace + 'country'] = context.request.geoip.country_name;
context.idToken[namespace + 'city'] = context.request.geoip.city_name;
context.idToken[namespace + 'latitude'] = context.request.geoip.latitude;
context.idToken[namespace + 'longitude'] = context.request.geoip.longitude;
context.idToken[namespace + 'roles'] = user.roles;
context.idToken[namespace + 'permissions'] = user.permissions;
context.idToken[namespace + 'email'] = user.email;
context.idToken[namespace + 'email_verified'] = user.email_verified;

if (user.user_metadata) {
context.idToken[namespace + 'recruiter_events'] = user.user_metadata.recruiterEvents || [];
context.idToken[namespace + 'recruiter_organisation'] = user.user_metadata.recruiterOrganisation;
}


callback(null, user, context);
}
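Review bot: `assignedRoles` is computed from `context.authorization` on the third line and then never used; the claims are built from `user.roles` and `user.permissions` instead, which are only populated if the Authorization Extension's own rule has run before this one (step 9, PUBLISH RULES, in DEVELOPMENT.md). Either build the claims from `assignedRoles` and `(context.authorization || {}).permissions || []`, so the token carries an empty array rather than `undefined` when the extension rule is missing or ordered later, or document the required rule order next to the file. The `context.request.geoip.*` reads have no guard either, so if `geoip` is ever absent the rule throws and blocks the login; and since this puts latitude and longitude into every ID token, check that the app needs coordinates rather than just country and city, given the token ends up in the browser. The double blank line before `callback` is a lint nit.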